* Re: [PATCH 2/5] ide: kill ide_toggle_bounce
From: Jens Axboe @ 2018-04-26 15:11 UTC (permalink / raw)
To: Christoph Hellwig
Cc: linux-arch-u79uwXL29TY76Z2rM5mHXA,
linux-scsi-u79uwXL29TY76Z2rM5mHXA, netdev-u79uwXL29TY76Z2rM5mHXA,
linux-kernel-u79uwXL29TY76Z2rM5mHXA,
linux-block-u79uwXL29TY76Z2rM5mHXA,
linux-ide-u79uwXL29TY76Z2rM5mHXA,
iommu-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA,
David S. Miller
In-Reply-To: <20180426072033.GA14700-jcswGhMUV9g@public.gmane.org>
On 4/26/18 1:20 AM, Christoph Hellwig wrote:
> On Tue, Apr 24, 2018 at 08:02:56PM -0600, Jens Axboe wrote:
>> On 4/24/18 12:16 PM, Christoph Hellwig wrote:
>>> ide_toggle_bounce did select various strange block bounce limits, including
>>> not bouncing at all as soon as an iommu is present in the system. Given
>>> that the dma_map routines now handle any required bounce buffering except
>>> for ISA DMA, and the ide code already must handle either ISA DMA or highmem
>>> at least for iommu equipped systems we can get rid of the block layer
>>> bounce limit setting entirely.
>>
>> Pretty sure I was the one to add this code, when highmem page IO was
>> enabled about two decades ago...
>>
>> Outside of DMA, the issue was that the PIO code could not handle
>> highmem. That's not the case anymore, so this should be fine.
>
> Yes, that is the rationale. Any chance to you could look over the
> other patches as well? Except for the networking one for which I'd
> really like to see a review from Dave all the users of the interface
> are block related.
You can add my reviewed-by to 1-3, and 5. Looks good to me.
--
Jens Axboe
^ permalink raw reply
* Re: [PATCH net] net: systemport: Correclty disambiguate driver instances
From: Vivien Didelot @ 2018-04-26 15:06 UTC (permalink / raw)
To: Florian Fainelli, netdev; +Cc: davem, Florian Fainelli
In-Reply-To: <20180425232151.23649-1-f.fainelli@gmail.com>
Florian Fainelli <f.fainelli@gmail.com> writes:
> While adding the DSA notifier, we will be sending DSA notifications with
> info->master that is going to point to a particular net_device instance.
>
> Our logic in bcm_sysport_map_queues() correctly disambiguates net_device
> instances that are not covered by our own driver, but it will not make
> sure that info->master points to a particular driver instance that we
> are interested in. In a system where e.g: two or more SYSTEMPORT
> instances are registered, this would lead in programming two or more
> times the queue mapping, completely messing with the logic which does
> the queue/port allocation and tracking.
>
> Fix this by looking at the notifier_block pointer which is unique per
> instance and allows us to go back to our driver private structure, and
> in turn to the backing net_device instance.
>
> Fixes: d156576362c0 ("net: systemport: Establish lower/upper queue mapping")
> Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Reviewed-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
^ permalink raw reply
* [PATCH net-next v3 1/4] net/smc: fix structure size
From: Ursula Braun @ 2018-04-26 15:18 UTC (permalink / raw)
To: davem; +Cc: netdev, linux-s390, schwidefsky, heiko.carstens, raspl, ubraun
In-Reply-To: <20180426151823.78967-1-ubraun@linux.ibm.com>
From: Karsten Graul <kgraul@linux.ibm.com>
The struct smc_cdc_msg must be defined as packed so the
size is 44 bytes.
And change the structure size check so sizeof is checked.
Signed-off-by: Karsten Graul <kgraul@linux.ibm.com>
Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
---
net/smc/smc_cdc.c | 2 +-
net/smc/smc_cdc.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/smc/smc_cdc.c b/net/smc/smc_cdc.c
index b42395d24cba..42ad57365eca 100644
--- a/net/smc/smc_cdc.c
+++ b/net/smc/smc_cdc.c
@@ -82,7 +82,7 @@ static inline void smc_cdc_add_pending_send(struct smc_connection *conn,
sizeof(struct smc_cdc_msg) > SMC_WR_BUF_SIZE,
"must increase SMC_WR_BUF_SIZE to at least sizeof(struct smc_cdc_msg)");
BUILD_BUG_ON_MSG(
- offsetof(struct smc_cdc_msg, reserved) > SMC_WR_TX_SIZE,
+ sizeof(struct smc_cdc_msg) != SMC_WR_TX_SIZE,
"must adapt SMC_WR_TX_SIZE to sizeof(struct smc_cdc_msg); if not all smc_wr upper layer protocols use the same message size any more, must start to set link->wr_tx_sges[i].length on each individual smc_wr_tx_send()");
BUILD_BUG_ON_MSG(
sizeof(struct smc_cdc_tx_pend) > SMC_WR_TX_PEND_PRIV_SIZE,
diff --git a/net/smc/smc_cdc.h b/net/smc/smc_cdc.h
index ab240b37ad11..d2012fd22100 100644
--- a/net/smc/smc_cdc.h
+++ b/net/smc/smc_cdc.h
@@ -48,7 +48,7 @@ struct smc_cdc_msg {
struct smc_cdc_producer_flags prod_flags;
struct smc_cdc_conn_state_flags conn_state_flags;
u8 reserved[18];
-} __aligned(8);
+} __packed; /* format defined in RFC7609 */
static inline bool smc_cdc_rxed_any_close(struct smc_connection *conn)
{
--
2.13.5
^ permalink raw reply related
* [PATCH net-next v3 2/4] net/smc: handle sockopts forcing fallback
From: Ursula Braun @ 2018-04-26 15:18 UTC (permalink / raw)
To: davem; +Cc: netdev, linux-s390, schwidefsky, heiko.carstens, raspl, ubraun
In-Reply-To: <20180426151823.78967-1-ubraun@linux.ibm.com>
From: Ursula Braun <ubraun@linux.ibm.com>
Several TCP sockopts do not work for SMC. One example are the
TCP_FASTOPEN sockopts, since SMC-connection setup is based on the TCP
three-way-handshake.
If the SMC socket is still in state SMC_INIT, such sockopts trigger
fallback to TCP. Otherwise an error is returned.
Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
---
net/smc/af_smc.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++----
1 file changed, 50 insertions(+), 4 deletions(-)
diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
index 4470501374bf..d274be7265ea 100644
--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c
@@ -391,6 +391,9 @@ static int smc_connect_rdma(struct smc_sock *smc)
sock_hold(&smc->sk); /* sock put in passive closing */
+ if (smc->use_fallback)
+ goto out_connected;
+
if (!tcp_sk(smc->clcsock->sk)->syn_smc) {
/* peer has not signalled SMC-capability */
smc->use_fallback = true;
@@ -790,6 +793,9 @@ static void smc_listen_work(struct work_struct *work)
int rc = 0;
u8 ibport;
+ if (new_smc->use_fallback)
+ goto out_connected;
+
/* check if peer is smc capable */
if (!tcp_sk(newclcsock->sk)->syn_smc) {
new_smc->use_fallback = true;
@@ -968,7 +974,7 @@ static void smc_tcp_listen_work(struct work_struct *work)
continue;
new_smc->listen_smc = lsmc;
- new_smc->use_fallback = false; /* assume rdma capability first*/
+ new_smc->use_fallback = lsmc->use_fallback;
sock_hold(lsk); /* sock_put in smc_listen_work */
INIT_WORK(&new_smc->smc_listen_work, smc_listen_work);
smc_copy_sock_settings_to_smc(new_smc);
@@ -1004,7 +1010,8 @@ static int smc_listen(struct socket *sock, int backlog)
* them to the clc socket -- copy smc socket options to clc socket
*/
smc_copy_sock_settings_to_clc(smc);
- tcp_sk(smc->clcsock->sk)->syn_smc = 1;
+ if (!smc->use_fallback)
+ tcp_sk(smc->clcsock->sk)->syn_smc = 1;
rc = kernel_listen(smc->clcsock, backlog);
if (rc)
@@ -1097,6 +1104,16 @@ static int smc_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
(sk->sk_state != SMC_APPCLOSEWAIT1) &&
(sk->sk_state != SMC_INIT))
goto out;
+
+ if (msg->msg_flags & MSG_FASTOPEN) {
+ if (sk->sk_state == SMC_INIT) {
+ smc->use_fallback = true;
+ } else {
+ rc = -EINVAL;
+ goto out;
+ }
+ }
+
if (smc->use_fallback)
rc = smc->clcsock->ops->sendmsg(smc->clcsock, msg, len);
else
@@ -1274,14 +1291,43 @@ static int smc_setsockopt(struct socket *sock, int level, int optname,
{
struct sock *sk = sock->sk;
struct smc_sock *smc;
+ int rc;
smc = smc_sk(sk);
/* generic setsockopts reaching us here always apply to the
* CLC socket
*/
- return smc->clcsock->ops->setsockopt(smc->clcsock, level, optname,
- optval, optlen);
+ rc = smc->clcsock->ops->setsockopt(smc->clcsock, level, optname,
+ optval, optlen);
+ if (smc->clcsock->sk->sk_err) {
+ sk->sk_err = smc->clcsock->sk->sk_err;
+ sk->sk_error_report(sk);
+ }
+ if (rc)
+ return rc;
+
+ lock_sock(sk);
+ switch (optname) {
+ case TCP_ULP:
+ case TCP_FASTOPEN:
+ case TCP_FASTOPEN_CONNECT:
+ case TCP_FASTOPEN_KEY:
+ case TCP_FASTOPEN_NO_COOKIE:
+ /* option not supported by SMC */
+ if (sk->sk_state == SMC_INIT) {
+ smc->use_fallback = true;
+ } else {
+ if (!smc->use_fallback)
+ rc = -EINVAL;
+ }
+ break;
+ default:
+ break;
+ }
+ release_sock(sk);
+
+ return rc;
}
static int smc_getsockopt(struct socket *sock, int level, int optname,
--
2.13.5
^ permalink raw reply related
* [PATCH net-next v3 4/4] net/smc: handle sockopt TCP_DEFER_ACCEPT
From: Ursula Braun @ 2018-04-26 15:18 UTC (permalink / raw)
To: davem; +Cc: netdev, linux-s390, schwidefsky, heiko.carstens, raspl, ubraun
In-Reply-To: <20180426151823.78967-1-ubraun@linux.ibm.com>
From: Ursula Braun <ubraun@linux.ibm.com>
If sockopt TCP_DEFER_ACCEPT is set, the accept is delayed till
data is available.
Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
---
net/smc/af_smc.c | 26 +++++++++++++++++++++++++-
net/smc/smc.h | 4 ++++
net/smc/smc_rx.c | 2 +-
net/smc/smc_rx.h | 1 +
4 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
index 9d8b381281e3..20aa4175b9f8 100644
--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c
@@ -1044,6 +1044,7 @@ static int smc_accept(struct socket *sock, struct socket *new_sock,
if (lsmc->sk.sk_state != SMC_LISTEN) {
rc = -EINVAL;
+ release_sock(sk);
goto out;
}
@@ -1071,9 +1072,29 @@ static int smc_accept(struct socket *sock, struct socket *new_sock,
if (!rc)
rc = sock_error(nsk);
+ release_sock(sk);
+ if (rc)
+ goto out;
+
+ if (lsmc->sockopt_defer_accept && !(flags & O_NONBLOCK)) {
+ /* wait till data arrives on the socket */
+ timeo = msecs_to_jiffies(lsmc->sockopt_defer_accept *
+ MSEC_PER_SEC);
+ if (smc_sk(nsk)->use_fallback) {
+ struct sock *clcsk = smc_sk(nsk)->clcsock->sk;
+
+ lock_sock(clcsk);
+ if (skb_queue_empty(&clcsk->sk_receive_queue))
+ sk_wait_data(clcsk, &timeo, NULL);
+ release_sock(clcsk);
+ } else if (!atomic_read(&smc_sk(nsk)->conn.bytes_to_rcv)) {
+ lock_sock(nsk);
+ smc_rx_wait_data(smc_sk(nsk), &timeo);
+ release_sock(nsk);
+ }
+ }
out:
- release_sock(sk);
sock_put(sk); /* sock_hold above */
return rc;
}
@@ -1340,6 +1361,9 @@ static int smc_setsockopt(struct socket *sock, int level, int optname,
0);
}
break;
+ case TCP_DEFER_ACCEPT:
+ smc->sockopt_defer_accept = val;
+ break;
default:
break;
}
diff --git a/net/smc/smc.h b/net/smc/smc.h
index e4829a2f46ba..2405e889b93d 100644
--- a/net/smc/smc.h
+++ b/net/smc/smc.h
@@ -180,6 +180,10 @@ struct smc_sock { /* smc sock container */
struct list_head accept_q; /* sockets to be accepted */
spinlock_t accept_q_lock; /* protects accept_q */
bool use_fallback; /* fallback to tcp */
+ int sockopt_defer_accept;
+ /* sockopt TCP_DEFER_ACCEPT
+ * value
+ */
u8 wait_close_tx_prepared : 1;
/* shutdown wr or close
* started, waiting for unsent
diff --git a/net/smc/smc_rx.c b/net/smc/smc_rx.c
index eff4e0d0bb31..af851d8df1f8 100644
--- a/net/smc/smc_rx.c
+++ b/net/smc/smc_rx.c
@@ -51,7 +51,7 @@ static void smc_rx_data_ready(struct sock *sk)
* 1 if at least 1 byte available in rcvbuf or if socket error/shutdown.
* 0 otherwise (nothing in rcvbuf nor timeout, e.g. interrupted).
*/
-static int smc_rx_wait_data(struct smc_sock *smc, long *timeo)
+int smc_rx_wait_data(struct smc_sock *smc, long *timeo)
{
DEFINE_WAIT_FUNC(wait, woken_wake_function);
struct smc_connection *conn = &smc->conn;
diff --git a/net/smc/smc_rx.h b/net/smc/smc_rx.h
index 3a32b59bf06c..0b75a6b470e6 100644
--- a/net/smc/smc_rx.h
+++ b/net/smc/smc_rx.h
@@ -20,5 +20,6 @@
void smc_rx_init(struct smc_sock *smc);
int smc_rx_recvmsg(struct smc_sock *smc, struct msghdr *msg, size_t len,
int flags);
+int smc_rx_wait_data(struct smc_sock *smc, long *timeo);
#endif /* SMC_RX_H */
--
2.13.5
^ permalink raw reply related
* [PATCH net-next v3 3/4] net/smc: sockopts TCP_NODELAY and TCP_CORK
From: Ursula Braun @ 2018-04-26 15:18 UTC (permalink / raw)
To: davem; +Cc: netdev, linux-s390, schwidefsky, heiko.carstens, raspl, ubraun
In-Reply-To: <20180426151823.78967-1-ubraun@linux.ibm.com>
From: Ursula Braun <ubraun@linux.ibm.com>
Setting sockopt TCP_NODELAY or resetting sockopt TCP_CORK
triggers data transfer.
For a corked SMC socket RDMA writes are deferred, if there is
still sufficient send buffer space available.
Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
---
net/smc/af_smc.c | 20 +++++++++++++++++++-
net/smc/smc_tx.c | 24 +++++++++++++++++++++---
2 files changed, 40 insertions(+), 4 deletions(-)
diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
index d274be7265ea..9d8b381281e3 100644
--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c
@@ -1291,7 +1291,7 @@ static int smc_setsockopt(struct socket *sock, int level, int optname,
{
struct sock *sk = sock->sk;
struct smc_sock *smc;
- int rc;
+ int val, rc;
smc = smc_sk(sk);
@@ -1307,6 +1307,10 @@ static int smc_setsockopt(struct socket *sock, int level, int optname,
if (rc)
return rc;
+ if (optlen < sizeof(int))
+ return rc;
+ get_user(val, (int __user *)optval);
+
lock_sock(sk);
switch (optname) {
case TCP_ULP:
@@ -1322,6 +1326,20 @@ static int smc_setsockopt(struct socket *sock, int level, int optname,
rc = -EINVAL;
}
break;
+ case TCP_NODELAY:
+ if (sk->sk_state != SMC_INIT && sk->sk_state != SMC_LISTEN) {
+ if (val)
+ mod_delayed_work(system_wq, &smc->conn.tx_work,
+ 0);
+ }
+ break;
+ case TCP_CORK:
+ if (sk->sk_state != SMC_INIT && sk->sk_state != SMC_LISTEN) {
+ if (!val)
+ mod_delayed_work(system_wq, &smc->conn.tx_work,
+ 0);
+ }
+ break;
default:
break;
}
diff --git a/net/smc/smc_tx.c b/net/smc/smc_tx.c
index 72f004c9c9b1..58dfe0bd9d60 100644
--- a/net/smc/smc_tx.c
+++ b/net/smc/smc_tx.c
@@ -19,6 +19,7 @@
#include <linux/sched/signal.h>
#include <net/sock.h>
+#include <net/tcp.h>
#include "smc.h"
#include "smc_wr.h"
@@ -26,6 +27,7 @@
#include "smc_tx.h"
#define SMC_TX_WORK_DELAY HZ
+#define SMC_TX_CORK_DELAY (HZ >> 2) /* 250 ms */
/***************************** sndbuf producer *******************************/
@@ -115,6 +117,13 @@ static int smc_tx_wait_memory(struct smc_sock *smc, int flags)
return rc;
}
+static bool smc_tx_is_corked(struct smc_sock *smc)
+{
+ struct tcp_sock *tp = tcp_sk(smc->clcsock->sk);
+
+ return (tp->nonagle & TCP_NAGLE_CORK) ? true : false;
+}
+
/* sndbuf producer: main API called by socket layer.
* called under sock lock.
*/
@@ -209,7 +218,16 @@ int smc_tx_sendmsg(struct smc_sock *smc, struct msghdr *msg, size_t len)
/* since we just produced more new data into sndbuf,
* trigger sndbuf consumer: RDMA write into peer RMBE and CDC
*/
- smc_tx_sndbuf_nonempty(conn);
+ if ((msg->msg_flags & MSG_MORE || smc_tx_is_corked(smc)) &&
+ (atomic_read(&conn->sndbuf_space) >
+ (conn->sndbuf_size >> 1)))
+ /* for a corked socket defer the RDMA writes if there
+ * is still sufficient sndbuf_space available
+ */
+ schedule_delayed_work(&conn->tx_work,
+ SMC_TX_CORK_DELAY);
+ else
+ smc_tx_sndbuf_nonempty(conn);
} /* while (msg_data_left(msg)) */
return send_done;
@@ -409,8 +427,8 @@ int smc_tx_sndbuf_nonempty(struct smc_connection *conn)
}
rc = 0;
if (conn->alert_token_local) /* connection healthy */
- schedule_delayed_work(&conn->tx_work,
- SMC_TX_WORK_DELAY);
+ mod_delayed_work(system_wq, &conn->tx_work,
+ SMC_TX_WORK_DELAY);
}
goto out_unlock;
}
--
2.13.5
^ permalink raw reply related
* [PATCH net-next v3 0/4] fixes from 2018-04-17 - v3
From: Ursula Braun @ 2018-04-26 15:18 UTC (permalink / raw)
To: davem; +Cc: netdev, linux-s390, schwidefsky, heiko.carstens, raspl, ubraun
From: Ursula Braun <ursula.braun@linux.ibm.com>
Dave,
in the mean time we challenged the benefit of these CLC handshake
optimizations for the sockopts TCP_NODELAY and TCP_CORK.
We decided to give up on them for now, since SMC still works
properly without.
There is now version 3 of the patch series with patches 2-4 implementing
sockopts that require special handling in SMC.
Version 3 changes
* no deferring of setsockopts TCP_NODELAY and TCP_CORK anymore
* allow fallback for some sockopts eliminating SMC usage
* when setting TCP_NODELAY always enforce data transmission
(not only together with corked data)
Version 2 changes of Patch 2/4 (and 3/4):
* return error -EOPNOTSUPP for TCP_FASTOPEN sockopts
* fix a kernel_setsockopt() usage bug by switching parameter
variable from type "u8" to "int"
* add return code validation when calling kernel_setsockopt()
* propagate a setsockopt error on the internal CLC socket
to the SMC socket.
Regards, Ursula
Karsten Graul (1):
net/smc: fix structure size
Ursula Braun (3):
net/smc: handle sockopts forcing fallback
net/smc: handle sockopt TCP_CORK
net/smc: handle sockopt TCP_DEFER_ACCEPT
net/smc/af_smc.c | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++++---
net/smc/smc.h | 4 +++
net/smc/smc_cdc.c | 2 +-
net/smc/smc_cdc.h | 2 +-
net/smc/smc_rx.c | 2 +-
net/smc/smc_rx.h | 1 +
net/smc/smc_tx.c | 24 ++++++++++++--
7 files changed, 122 insertions(+), 11 deletions(-)
--
2.13.5
^ permalink raw reply
* Re: [PATCH net-next 0/8] net: Extend availability of PHY statistics
From: Nikita Yushchenko @ 2018-04-26 15:22 UTC (permalink / raw)
To: Florian Fainelli, netdev; +Cc: andrew, vivien.didelot, cphealy, davem
In-Reply-To: <20180425191254.3467-1-f.fainelli@gmail.com>
> Hi all,
>
> This patch series adds support for retrieving PHY statistics with DSA switches
> when the CPU port uses a PHY to PHY connection (as opposed to MAC to MAC).
> To get there a number of things are done:
Tested-By: Nikita Yushchenko <nikita.yoush@cogentembedded.com>
Checked on RDU1 and RDU2.
FEC PHY statistics keeps shown.
No new statistics appears but it is not expected with Marvell switch.
Nikita
^ permalink raw reply
* Re: [dm-devel] [PATCH v5] fault-injection: introduce kvmalloc fallback options
From: Mikulas Patocka @ 2018-04-26 15:22 UTC (permalink / raw)
To: James Bottomley
Cc: David Rientjes, dm-devel, eric.dumazet, mst, netdev, jasowang,
Randy Dunlap, linux-kernel, Matthew Wilcox, Michal Hocko,
linux-mm, edumazet, Andrew Morton, virtualization, David Miller,
Vlastimil Babka
In-Reply-To: <alpine.LRH.2.02.1804261045001.9108@file01.intranet.prod.int.rdu2.redhat.com>
[-- Attachment #1: Type: TEXT/PLAIN, Size: 2023 bytes --]
On Thu, 26 Apr 2018, Mikulas Patocka wrote:
>
>
> On Wed, 25 Apr 2018, James Bottomley wrote:
>
> > > BTW. even developers who compile their own kernel should have this
> > > enabled by a CONFIG option - because if the developer sees the option
> > > when browsing through menuconfig, he may enable it. If he doesn't see
> > > the option, he won't even know that such an option exists.
> >
> > I may be an atypical developer but I'd rather have a root canal than
> > browse through menuconfig options. The way to get people to learn
> > about new debugging options is to blog about it (or write an lwn.net
> > article) which google will find the next time I ask it how I debug XXX.
> > Google (probably as a service to humanity) rarely turns up Kconfig
> > options in response to a query.
>
> From my point of view, this feature should be as little disruptive to the
> developer as possible. It should work automatically behind the scenes
> without the developer or the tester even knowing that it is working. From
> this point of view, binding it to CONFIG_DEBUG_SG (or any other commonly
> used debugging option) would be ideal, because driver developers already
> enable CONFIG_DEBUG_SG, so they'll get this kvmalloc test for free.
>
> From your point of view, you should introduce a sysfs file and a kernel
> parameter that no one knows about - and then start blogging about it - to
> let people know. Why would you bother people with this knowledge? They'll
> forget about it anyway and won't turn it on.
BTW. try to think about - how many total lines of code should this feature
consume in the whole Linux ecosystem?
I made a 10-line patch. I got pushback.
I remade it to a 53-line patch. And you try to suggest that 53 lines is
not enough and we must also change kernel packaging scripts in distro
kernels, because the kernel just cannot enable this feature on its own.
If we hack kernel packaging scripts in most distros, how many lines of
code would that be? What's your target?
Mikulas
^ permalink raw reply
* Re: [dm-devel] [PATCH v5] fault-injection: introduce kvmalloc fallback options
From: James Bottomley @ 2018-04-26 15:24 UTC (permalink / raw)
To: Mikulas Patocka
Cc: Michal Hocko, David Rientjes, dm-devel, eric.dumazet, mst, netdev,
jasowang, Randy Dunlap, linux-kernel, Matthew Wilcox, linux-mm,
edumazet, Andrew Morton, virtualization, David Miller,
Vlastimil Babka
In-Reply-To: <alpine.LRH.2.02.1804261100170.12157@file01.intranet.prod.int.rdu2.redhat.com>
On Thu, 2018-04-26 at 11:05 -0400, Mikulas Patocka wrote:
>
> On Thu, 26 Apr 2018, James Bottomley wrote:
[...]
> > Perhaps find out beforehand instead of insisting on an approach
> without
> > knowing. On openSUSE the grub config is built from the files in
> > /etc/grub.d/ so any package can add a kernel option (and various
> > conditions around activating it) simply by adding a new file.
>
> And then, different versions of the debug kernel will clash when
> attempting to create the same file.
Don't be silly ... there are many ways of coping with that in rpm/dpkg.
However, I take it the fact you're now trying to get me to explain
them means you take the point that a kernel dynamic option can be
activated in a variety of easy ways in a distribution including through
the boot menu; so if you want this to appear in the boot menu you don't
need a Kconfig option to achieve it.
> And what about other distributions? What about people who the RHEL
> kernel from source with "make"?
Well, if you build your own kernel and we have a dynamic option, it
will "just work" without you having to muck about trying to re-Kconfig
it, so I'd see that as a win.
> The problem with this approach that you are trying to bother more and
> more people with this little silly feature.
So you're shifting your argument from "I have to do it as a Kconfig
option because the distros require it" to "distributions will build
separate kernel packages for this, but won't do enabling in a non
kernel package"? To be honest, I think the argument is nuts but I
don't really care. From my point of view it's usually me explaining to
people how to debug stuff and "you have to build your own kernel with
this Kconfig option" compared to "add this to the kernel command line
and reboot" is much more effort for the debugger.
James
^ permalink raw reply
* [RFC PATCH] bpf: lwt_out_verifier_ops can be static
From: kbuild test robot @ 2018-04-26 15:29 UTC (permalink / raw)
To: Mathieu Xhonneux; +Cc: kbuild-all, netdev, dlebrun, alexei.starovoitov
In-Reply-To: <1a00b0c169c46a6444dea2b9f76e9c83430faa87.1524591163.git.m.xhonneux@gmail.com>
Fixes: 5c3289b57b1b ("bpf: Split lwt inout verifier structures")
Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
---
filter.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/core/filter.c b/net/core/filter.c
index 8a2331c..690e0b1 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -5803,13 +5803,13 @@ const struct bpf_prog_ops lwt_in_prog_ops = {
.test_run = bpf_prog_test_run_skb,
};
-const struct bpf_verifier_ops lwt_out_verifier_ops = {
+static const struct bpf_verifier_ops lwt_out_verifier_ops = {
.get_func_proto = lwt_out_func_proto,
.is_valid_access = lwt_is_valid_access,
.convert_ctx_access = bpf_convert_ctx_access,
};
-const struct bpf_prog_ops lwt_out_prog_ops = {
+static const struct bpf_prog_ops lwt_out_prog_ops = {
.test_run = bpf_prog_test_run_skb,
};
^ permalink raw reply related
* Re: [PATCH net-next v2 3/5] bpf: Split lwt inout verifier structures
From: kbuild test robot @ 2018-04-26 15:29 UTC (permalink / raw)
To: Mathieu Xhonneux; +Cc: kbuild-all, netdev, dlebrun, alexei.starovoitov
In-Reply-To: <1a00b0c169c46a6444dea2b9f76e9c83430faa87.1524591163.git.m.xhonneux@gmail.com>
Hi Mathieu,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on net-next/master]
url: https://github.com/0day-ci/linux/commits/Mathieu-Xhonneux/ipv6-sr-introduce-seg6local-End-BPF-action/20180426-082209
reproduce:
# apt-get install sparse
make ARCH=x86_64 allmodconfig
make C=1 CF=-D__CHECK_ENDIAN__
sparse warnings: (new ones prefixed by >>)
net/core/filter.c:110:48: sparse: expression using sizeof(void)
net/core/filter.c:110:48: sparse: expression using sizeof(void)
net/core/filter.c:323:33: sparse: subtraction of functions? Share your drugs
net/core/filter.c:326:33: sparse: subtraction of functions? Share your drugs
net/core/filter.c:329:33: sparse: subtraction of functions? Share your drugs
net/core/filter.c:332:33: sparse: subtraction of functions? Share your drugs
net/core/filter.c:335:33: sparse: subtraction of functions? Share your drugs
include/linux/filter.h:612:16: sparse: expression using sizeof(void)
include/linux/filter.h:612:16: sparse: expression using sizeof(void)
include/linux/filter.h:612:16: sparse: expression using sizeof(void)
include/linux/filter.h:612:16: sparse: expression using sizeof(void)
net/core/filter.c:1189:39: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct sock_filter const *filter @@ got struct sockstruct sock_filter const *filter @@
net/core/filter.c:1189:39: expected struct sock_filter const *filter
net/core/filter.c:1189:39: got struct sock_filter [noderef] <asn:1>*filter
include/linux/filter.h:612:16: sparse: expression using sizeof(void)
include/linux/filter.h:612:16: sparse: expression using sizeof(void)
net/core/filter.c:1291:39: sparse: incorrect type in argument 1 (different address spaces) @@ expected struct sock_filter const *filter @@ got struct sockstruct sock_filter const *filter @@
net/core/filter.c:1291:39: expected struct sock_filter const *filter
net/core/filter.c:1291:39: got struct sock_filter [noderef] <asn:1>*filter
include/linux/filter.h:612:16: sparse: expression using sizeof(void)
net/core/filter.c:1552:43: sparse: incorrect type in argument 2 (different base types) @@ expected restricted __wsum [usertype] diff @@ got unsigned lonrestricted __wsum [usertype] diff @@
net/core/filter.c:1552:43: expected restricted __wsum [usertype] diff
net/core/filter.c:1552:43: got unsigned long long [unsigned] [usertype] to
net/core/filter.c:1555:36: sparse: incorrect type in argument 2 (different base types) @@ expected restricted __be16 [usertype] old @@ got unsigned lonrestricted __be16 [usertype] old @@
net/core/filter.c:1555:36: expected restricted __be16 [usertype] old
net/core/filter.c:1555:36: got unsigned long long [unsigned] [usertype] from
net/core/filter.c:1555:42: sparse: incorrect type in argument 3 (different base types) @@ expected restricted __be16 [usertype] new @@ got unsigned lonrestricted __be16 [usertype] new @@
net/core/filter.c:1555:42: expected restricted __be16 [usertype] new
net/core/filter.c:1555:42: got unsigned long long [unsigned] [usertype] to
net/core/filter.c:1558:36: sparse: incorrect type in argument 2 (different base types) @@ expected restricted __be32 [usertype] from @@ got unsigned lonrestricted __be32 [usertype] from @@
net/core/filter.c:1558:36: expected restricted __be32 [usertype] from
net/core/filter.c:1558:36: got unsigned long long [unsigned] [usertype] from
net/core/filter.c:1558:42: sparse: incorrect type in argument 3 (different base types) @@ expected restricted __be32 [usertype] to @@ got unsigned lonrestricted __be32 [usertype] to @@
net/core/filter.c:1558:42: expected restricted __be32 [usertype] to
net/core/filter.c:1558:42: got unsigned long long [unsigned] [usertype] to
net/core/filter.c:1603:59: sparse: incorrect type in argument 3 (different base types) @@ expected restricted __wsum [usertype] diff @@ got unsigned lonrestricted __wsum [usertype] diff @@
net/core/filter.c:1603:59: expected restricted __wsum [usertype] diff
net/core/filter.c:1603:59: got unsigned long long [unsigned] [usertype] to
net/core/filter.c:1606:52: sparse: incorrect type in argument 3 (different base types) @@ expected restricted __be16 [usertype] from @@ got unsigned lonrestricted __be16 [usertype] from @@
net/core/filter.c:1606:52: expected restricted __be16 [usertype] from
net/core/filter.c:1606:52: got unsigned long long [unsigned] [usertype] from
net/core/filter.c:1606:58: sparse: incorrect type in argument 4 (different base types) @@ expected restricted __be16 [usertype] to @@ got unsigned lonrestricted __be16 [usertype] to @@
net/core/filter.c:1606:58: expected restricted __be16 [usertype] to
net/core/filter.c:1606:58: got unsigned long long [unsigned] [usertype] to
net/core/filter.c:1609:52: sparse: incorrect type in argument 3 (different base types) @@ expected restricted __be32 [usertype] from @@ got unsigned lonrestricted __be32 [usertype] from @@
net/core/filter.c:1609:52: expected restricted __be32 [usertype] from
net/core/filter.c:1609:52: got unsigned long long [unsigned] [usertype] from
net/core/filter.c:1609:58: sparse: incorrect type in argument 4 (different base types) @@ expected restricted __be32 [usertype] to @@ got unsigned lonrestricted __be32 [usertype] to @@
net/core/filter.c:1609:58: expected restricted __be32 [usertype] to
net/core/filter.c:1609:58: got unsigned long long [unsigned] [usertype] to
net/core/filter.c:1655:28: sparse: incorrect type in return expression (different base types) @@ expected unsigned long long @@ got nsigned long long @@
net/core/filter.c:1655:28: expected unsigned long long
net/core/filter.c:1655:28: got restricted __wsum
net/core/filter.c:1677:35: sparse: incorrect type in return expression (different base types) @@ expected unsigned long long @@ got restricted unsigned long long @@
net/core/filter.c:1677:35: expected unsigned long long
net/core/filter.c:1677:35: got restricted __wsum [usertype] csum
net/core/filter.c:3462:41: sparse: expression using sizeof(void)
net/core/filter.c:3466:41: sparse: expression using sizeof(void)
net/core/filter.c:3470:46: sparse: expression using sizeof(void)
net/core/filter.c:3470:46: sparse: expression using sizeof(void)
net/core/filter.c:3538:47: sparse: expression using sizeof(void)
net/core/filter.c:3728:5: sparse: symbol 'bpf_push_seg6_encap' was not declared. Should it be static?
>> net/core/filter.c:5806:31: sparse: symbol 'lwt_out_verifier_ops' was not declared. Should it be static?
>> net/core/filter.c:5812:27: sparse: symbol 'lwt_out_prog_ops' was not declared. Should it be static?
Please review and possibly fold the followup patch.
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
^ permalink raw reply
* Re: [dm-devel] [PATCH v5] fault-injection: introduce kvmalloc fallback options
From: Mikulas Patocka @ 2018-04-26 15:44 UTC (permalink / raw)
To: James Bottomley
Cc: eric.dumazet, mst, netdev, Randy Dunlap, linux-kernel,
Matthew Wilcox, Michal Hocko, linux-mm, dm-devel, Vlastimil Babka,
David Rientjes, Andrew Morton, virtualization, David Miller,
edumazet
In-Reply-To: <1524756256.3226.7.camel@HansenPartnership.com>
[-- Attachment #1: Type: TEXT/PLAIN, Size: 794 bytes --]
On Thu, 26 Apr 2018, James Bottomley wrote:
> On Thu, 2018-04-26 at 11:05 -0400, Mikulas Patocka wrote:
> >
> > On Thu, 26 Apr 2018, James Bottomley wrote:
> [...]
> > > Perhaps find out beforehand instead of insisting on an approach
> > without
> > > knowing. On openSUSE the grub config is built from the files in
> > > /etc/grub.d/ so any package can add a kernel option (and various
> > > conditions around activating it) simply by adding a new file.
> >
> > And then, different versions of the debug kernel will clash when
> > attempting to create the same file.
>
> Don't be silly ... there are many ways of coping with that in rpm/dpkg.
I know you can deal with it - but how many lines of code will that
consume? Multiplied by the total number of rpm-based distros.
Mikulas
[-- Attachment #2: Type: text/plain, Size: 183 bytes --]
_______________________________________________
Virtualization mailing list
Virtualization@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/virtualization
^ permalink raw reply
* Re: [PATCH net] sctp: handle two v4 addrs comparison in sctp_inet6_cmp_addr
From: Marcelo Ricardo Leitner @ 2018-04-26 15:51 UTC (permalink / raw)
To: Xin Long; +Cc: network dev, linux-sctp, davem, Neil Horman, syzkaller
In-Reply-To: <17bfe46d7b9941f2283043f45ea5644c166c32c3.1524723237.git.lucien.xin@gmail.com>
On Thu, Apr 26, 2018 at 02:13:57PM +0800, Xin Long wrote:
> Since sctp ipv6 socket also supports v4 addrs, it's possible to
> compare two v4 addrs in pf v6 .cmp_addr, sctp_inet6_cmp_addr.
>
> However after Commit 1071ec9d453a ("sctp: do not check port in
> sctp_inet6_cmp_addr"), it no longer calls af1->cmp_addr, which
> in this case is sctp_v4_cmp_addr, but calls __sctp_v6_cmp_addr
> where it handles them as two v6 addrs. It would cause a out of
> bounds crash.
>
> syzbot found this crash when trying to bind two v4 addrs to a
> v6 socket.
>
> This patch fixes it by adding the process for two v4 addrs in
> sctp_inet6_cmp_addr.
>
> Fixes: 1071ec9d453a ("sctp: do not check port in sctp_inet6_cmp_addr")
> Reported-by: syzbot+cd494c1dd681d4d93ebb@syzkaller.appspotmail.com
> Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
> ---
> net/sctp/ipv6.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
> index 2e3f7b7..4224711 100644
> --- a/net/sctp/ipv6.c
> +++ b/net/sctp/ipv6.c
> @@ -895,6 +895,9 @@ static int sctp_inet6_cmp_addr(const union sctp_addr *addr1,
> if (sctp_is_any(sk, addr1) || sctp_is_any(sk, addr2))
> return 1;
>
> + if (addr1->sa.sa_family == AF_INET && addr2->sa.sa_family == AF_INET)
> + return addr1->v4.sin_addr.s_addr == addr2->v4.sin_addr.s_addr;
> +
> return __sctp_v6_cmp_addr(addr1, addr2);
> }
>
> --
> 2.1.0
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
^ permalink raw reply
* Re: [PATCH net] sctp: clear the new asoc's stream outcnt in sctp_stream_update
From: Marcelo Ricardo Leitner @ 2018-04-26 15:53 UTC (permalink / raw)
To: Xin Long; +Cc: network dev, linux-sctp, davem, Neil Horman
In-Reply-To: <7a1180e29789ab0aa339ae8b456a100520ffcdc5.1524727304.git.lucien.xin@gmail.com>
On Thu, Apr 26, 2018 at 03:21:44PM +0800, Xin Long wrote:
> When processing a duplicate cookie-echo chunk, sctp moves the new
> temp asoc's stream out/in into the old asoc, and later frees this
> new temp asoc.
>
> But now after this move, the new temp asoc's stream->outcnt is not
> cleared while stream->out is set to NULL, which would cause a same
> crash as the one fixed in Commit 79d0895140e9 ("sctp: fix error
> path in sctp_stream_init") when freeing this asoc later.
>
> This fix is to clear this outcnt in sctp_stream_update.
>
> Fixes: f952be79cebd ("sctp: introduce struct sctp_stream_out_ext")
> Reported-by: Jianwen Ji <jiji@redhat.com>
> Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
> ---
> net/sctp/stream.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/net/sctp/stream.c b/net/sctp/stream.c
> index f799043..f1f1d1b 100644
> --- a/net/sctp/stream.c
> +++ b/net/sctp/stream.c
> @@ -240,6 +240,8 @@ void sctp_stream_update(struct sctp_stream *stream, struct sctp_stream *new)
>
> new->out = NULL;
> new->in = NULL;
> + new->outcnt = 0;
> + new->incnt = 0;
> }
>
> static int sctp_send_reconf(struct sctp_association *asoc,
> --
> 2.1.0
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-sctp" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
^ permalink raw reply
* Re: [PATCH net-next] bridge: use hlist_entry_safe
From: Stephen Hemminger @ 2018-04-26 15:54 UTC (permalink / raw)
To: YueHaibing; +Cc: davem, netdev, bridge
In-Reply-To: <20180426030705.6632-1-yuehaibing@huawei.com>
On Thu, 26 Apr 2018 11:07:05 +0800
YueHaibing <yuehaibing@huawei.com> wrote:
> Use hlist_entry_safe() instead of open-coding it.
>
> Signed-off-by: YueHaibing <yuehaibing@huawei.com>
> ---
> net/bridge/br_forward.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c
> index b4eed11..7a7fd67 100644
> --- a/net/bridge/br_forward.c
> +++ b/net/bridge/br_forward.c
> @@ -274,8 +274,7 @@ void br_multicast_flood(struct net_bridge_mdb_entry *mdst,
> struct net_bridge_port *port, *lport, *rport;
>
> lport = p ? p->port : NULL;
> - rport = rp ? hlist_entry(rp, struct net_bridge_port, rlist) :
> - NULL;
> + rport = hlist_entry_safe(rp, struct net_bridge_port, rlist);
>
> if ((unsigned long)lport > (unsigned long)rport) {
>
port = lport;
Reviewed-by: Stephen Hemminger <stephen@networkplumber.org>
^ permalink raw reply
* Re: [dm-devel] [PATCH v5] fault-injection: introduce kvmalloc fallback options
From: Mikulas Patocka @ 2018-04-26 15:55 UTC (permalink / raw)
To: James Bottomley
Cc: Michal Hocko, David Rientjes, dm-devel, eric.dumazet, mst, netdev,
jasowang, Randy Dunlap, linux-kernel, Matthew Wilcox, linux-mm,
edumazet, Andrew Morton, virtualization, David Miller,
Vlastimil Babka
In-Reply-To: <1524756256.3226.7.camel@HansenPartnership.com>
On Thu, 26 Apr 2018, James Bottomley wrote:
> So you're shifting your argument from "I have to do it as a Kconfig
> option because the distros require it" to "distributions will build
> separate kernel packages for this, but won't do enabling in a non
> kernel package"? To be honest, I think the argument is nuts but I
> don't really care. From my point of view it's usually me explaining to
> people how to debug stuff and "you have to build your own kernel with
> this Kconfig option" compared to "add this to the kernel command line
> and reboot" is much more effort for the debugger.
>
> James
If you have to explain to the user that he needs to turn it on, it is
already wrong.
In order to find the kvmalloc abuses, it should be tested by as many users
as possible. And it could be tested by as many users as possible, if it
can be enabled in a VISIBLE place (i.e. menuconfig) - or (in my opinion
even better) it should be bound to an CONFIG_ option that is already
enabled for debugging kernel - then you won't have to explain anything to
the user at all.
Hardly anyone - except for people who read this thread - will know about
the new commandline parameters or debugfs files.
I'm not arguing that the commandline parameter or debugfs files are wrong.
They are OK to overridde the default settings for advanced users. But they
are useless for common users because common users won't know about them.
Mikulas
^ permalink raw reply
* Re: [PATCH net-next 6/6] mlxsw: spectrum_span: Allow bridge for gretap mirror
From: Stephen Hemminger @ 2018-04-26 15:58 UTC (permalink / raw)
To: Nikolay Aleksandrov
Cc: Ido Schimmel, netdev, bridge, davem, jiri, petrm, mlxsw
In-Reply-To: <1e3e120f-821a-2d99-b720-0585ce9c1803@cumulusnetworks.com>
On Thu, 26 Apr 2018 13:50:12 +0300
Nikolay Aleksandrov <nikolay@cumulusnetworks.com> wrote:
> On 26/04/18 12:06, Ido Schimmel wrote:
> > From: Petr Machata <petrm@mellanox.com>
> >
> > When handling mirroring to a gretap or ip6gretap netdevice in mlxsw, the
> > underlay address (i.e. the remote address of the tunnel) may be routed
> > to a bridge.
> >
> > In that case, look up the resolved neighbor Ethernet address in that
> > bridge's FDB. Then configure the offload to direct the mirrored traffic
> > to that port, possibly with tagging.
> >
> > Signed-off-by: Petr Machata <petrm@mellanox.com>
> > Signed-off-by: Ido Schimmel <idosch@mellanox.com>
> > ---
> > .../net/ethernet/mellanox/mlxsw/spectrum_span.c | 102 +++++++++++++++++++--
> > .../net/ethernet/mellanox/mlxsw/spectrum_span.h | 1 +
> > 2 files changed, 97 insertions(+), 6 deletions(-)
> >
> > diff --git a/drivers/net/ethernet/mellanox/mlxsw/spectrum_span.c b/drivers/net/ethernet/mellanox/mlxsw/spectrum_span.c
> > index 65a77708ff61..92fb81839852 100644
> > --- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_span.c
> > +++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_span.c
> > @@ -32,6 +32,7 @@
> > * POSSIBILITY OF SUCH DAMAGE.
> > */
> >
> > +#include <linux/if_bridge.h>
> > #include <linux/list.h>
> > #include <net/arp.h>
> > #include <net/gre.h>
> > @@ -39,8 +40,9 @@
> > #include <net/ip6_tunnel.h>
> >
> > #include "spectrum.h"
> > -#include "spectrum_span.h"
> > #include "spectrum_ipip.h"
> > +#include "spectrum_span.h"
> > +#include "spectrum_switchdev.h"
> >
> > int mlxsw_sp_span_init(struct mlxsw_sp *mlxsw_sp)
> > {
> > @@ -167,6 +169,79 @@ mlxsw_sp_span_entry_unoffloadable(struct mlxsw_sp_span_parms *sparmsp)
> > return 0;
> > }
> >
> > +static struct net_device *
> > +mlxsw_sp_span_entry_bridge_8021q(const struct net_device *br_dev,
> > + unsigned char *dmac,
> > + u16 *p_vid)
> > +{
> > + struct net_bridge_vlan_group *vg = br_vlan_group_rtnl(br_dev);
> > + u16 pvid = br_vlan_group_pvid(vg);
> > + struct net_device *edev = NULL;
> > + struct net_bridge_vlan *v;
> > +
>
> Hi,
> These structures are not really exported anywhere outside of br_private.h
> Instead of passing them around and risking someone else actually trying to
> dereference an incomplete type, why don't you add just 2 new helpers -
> br_vlan_pvid(netdevice) and br_vlan_info(netdevice, vid, *bridge_vlan_info)
>
> br_vlan_info can return the exported and already available type "bridge_vlan_info"
> (defined in uapi/linux/if_bridge.h) into the bridge_vlan_info arg
> and br_vlan_pvid is obvious - return the current dev pvid if available.
>
> Another bonus you'll avoid dealing with the bridge's vlan internals.
I am particularly worried that any locking changes will impact the device
driver. Also lock inversion issues, and implied (or not RTNL).
Also what if a value is changed, there is no notification path back to the device.
Having an API that only takes net_device and vlan seems preferable.
^ permalink raw reply
* Re: [dm-devel] [PATCH v5] fault-injection: introduce kvmalloc fallback options
From: Michael S. Tsirkin @ 2018-04-26 15:59 UTC (permalink / raw)
To: Mikulas Patocka
Cc: James Bottomley, Michal Hocko, David Rientjes, dm-devel,
eric.dumazet, netdev, jasowang, Randy Dunlap, linux-kernel,
Matthew Wilcox, linux-mm, edumazet, Andrew Morton, virtualization,
David Miller, Vlastimil Babka
In-Reply-To: <alpine.LRH.2.02.1804261142480.21152@file01.intranet.prod.int.rdu2.redhat.com>
On Thu, Apr 26, 2018 at 11:44:21AM -0400, Mikulas Patocka wrote:
>
>
> On Thu, 26 Apr 2018, James Bottomley wrote:
>
> > On Thu, 2018-04-26 at 11:05 -0400, Mikulas Patocka wrote:
> > >
> > > On Thu, 26 Apr 2018, James Bottomley wrote:
> > [...]
> > > > Perhaps find out beforehand instead of insisting on an approach
> > > without
> > > > knowing. On openSUSE the grub config is built from the files in
> > > > /etc/grub.d/ so any package can add a kernel option (and various
> > > > conditions around activating it) simply by adding a new file.
> > >
> > > And then, different versions of the debug kernel will clash when
> > > attempting to create the same file.
> >
> > Don't be silly ... there are many ways of coping with that in rpm/dpkg.
>
> I know you can deal with it - but how many lines of code will that
> consume? Multiplied by the total number of rpm-based distros.
>
> Mikulas
I don't think debug kernels should inject faults by default.
IIUC debug kernels mainly exist so people who experience e.g. memory
corruption can try and debug the failure. In this case, CONFIG_DEBUG_SG
will *already* catch a failure early. Nothing special needs to be done.
There is a much smaller class of people like QA who go actively looking
for trouble. That's the kind of thing fault injection is good for, and
IMO you do not want your QA team to test a separate kernel - otherwise
you are never quite sure whatever was tested will work in the field.
So a config option won't help them either.
How do you make sure QA tests a specific corner case? Add it to
the test plan :)
I don't speak for Red Hat, etc.
--
MST
^ permalink raw reply
* [PATCH 0/2] net: stmmac: dwmac-meson: 100M phy mode support for AXG SoC
From: Yixun Lan @ 2018-04-26 16:05 UTC (permalink / raw)
To: David S. Miller, netdev
Cc: Yixun Lan, Kevin Hilman, Carlo Caione, Rob Herring,
Martin Blumenstingl, linux-amlogic, linux-arm-kernel,
linux-kernel, devicetree
Due to the dwmac glue layer register changed, we need to
introduce a new compatible name for the Meson-AXG SoC
to support for the RMII 100M ethernet PHY.
Yixun Lan (2):
dt-bindings: net: meson-dwmac: new compatible name for AXG SoC
net: stmmac: dwmac-meson: extend phy mode setting
.../devicetree/bindings/net/meson-dwmac.txt | 1 +
.../ethernet/stmicro/stmmac/dwmac-meson8b.c | 96 ++++++++++++++++---
2 files changed, 86 insertions(+), 11 deletions(-)
--
2.17.0
^ permalink raw reply
* [PATCH 1/2] dt-bindings: net: meson-dwmac: new compatible name for AXG SoC
From: Yixun Lan @ 2018-04-26 16:05 UTC (permalink / raw)
To: David S. Miller, netdev
Cc: Yixun Lan, Kevin Hilman, Carlo Caione, Rob Herring,
Martin Blumenstingl, linux-amlogic, linux-arm-kernel,
linux-kernel, devicetree
In-Reply-To: <20180426160508.29380-1-yixun.lan@amlogic.com>
We need to introduce a new compatible name for the Meson-AXG SoC
in order to support the RMII 100M ethernet PHY, since the PRG_ETH0
register of the dwmac glue layer is changed from previous old SoC.
Signed-off-by: Yixun Lan <yixun.lan@amlogic.com>
---
Documentation/devicetree/bindings/net/meson-dwmac.txt | 1 +
1 file changed, 1 insertion(+)
diff --git a/Documentation/devicetree/bindings/net/meson-dwmac.txt b/Documentation/devicetree/bindings/net/meson-dwmac.txt
index 61cada22ae6c..1321bb194ed9 100644
--- a/Documentation/devicetree/bindings/net/meson-dwmac.txt
+++ b/Documentation/devicetree/bindings/net/meson-dwmac.txt
@@ -11,6 +11,7 @@ Required properties on all platforms:
- "amlogic,meson8b-dwmac"
- "amlogic,meson8m2-dwmac"
- "amlogic,meson-gxbb-dwmac"
+ - "amlogic,meson-axg-dwmac"
Additionally "snps,dwmac" and any applicable more
detailed version number described in net/stmmac.txt
should be used.
--
2.17.0
^ permalink raw reply related
* [PATCH 2/2] net: stmmac: dwmac-meson: extend phy mode setting
From: Yixun Lan @ 2018-04-26 16:05 UTC (permalink / raw)
To: David S. Miller, netdev
Cc: Yixun Lan, Kevin Hilman, Carlo Caione, Rob Herring,
Martin Blumenstingl, linux-amlogic, linux-arm-kernel,
linux-kernel
In-Reply-To: <20180426160508.29380-1-yixun.lan@amlogic.com>
In the Meson-AXG SoC, the phy mode setting of PRG_ETH0 in the glue layer
is extended from bit[0] to bit[2:0].
There is no problem if we configure it to the RGMII 1000M PHY mode,
since the register setting is coincidentally compatible with previous one,
but for the RMII 100M PHY mode, the configuration need to be changed to
value - b100.
This patch was verified with a RTL8201F 100M ethernet PHY.
Signed-off-by: Yixun Lan <yixun.lan@amlogic.com>
---
.../ethernet/stmicro/stmmac/dwmac-meson8b.c | 95 ++++++++++++++++---
1 file changed, 84 insertions(+), 11 deletions(-)
diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac-meson8b.c b/drivers/net/ethernet/stmicro/stmmac/dwmac-meson8b.c
index 7cb794094a70..e3688b6dd87c 100644
--- a/drivers/net/ethernet/stmicro/stmmac/dwmac-meson8b.c
+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac-meson8b.c
@@ -18,6 +18,7 @@
#include <linux/io.h>
#include <linux/ioport.h>
#include <linux/module.h>
+#include <linux/of_device.h>
#include <linux/of_net.h>
#include <linux/mfd/syscon.h>
#include <linux/platform_device.h>
@@ -29,6 +30,10 @@
#define PRG_ETH0_RGMII_MODE BIT(0)
+#define PRG_ETH0_EXT_PHY_MODE_MASK GENMASK(2, 0)
+#define PRG_ETH0_EXT_RGMII_MODE 1
+#define PRG_ETH0_EXT_RMII_MODE 4
+
/* mux to choose between fclk_div2 (bit unset) and mpll2 (bit set) */
#define PRG_ETH0_CLK_M250_SEL_SHIFT 4
#define PRG_ETH0_CLK_M250_SEL_MASK GENMASK(4, 4)
@@ -46,10 +51,16 @@
#define PRG_ETH0_TX_AND_PHY_REF_CLK BIT(12)
#define MUX_CLK_NUM_PARENTS 2
+struct meson8b_dwmac_data {
+ bool ext_phy_mode;
+};
struct meson8b_dwmac {
struct device *dev;
void __iomem *regs;
+
+ const struct meson8b_dwmac_data *data;
+
phy_interface_t phy_mode;
struct clk *rgmii_tx_clk;
u32 tx_delay_ns;
@@ -171,6 +182,46 @@ static int meson8b_init_rgmii_tx_clk(struct meson8b_dwmac *dwmac)
return 0;
}
+static int meson8b_init_set_mode(struct meson8b_dwmac *dwmac)
+{
+ bool ext_phy_mode = dwmac->data->ext_phy_mode;
+
+ switch (dwmac->phy_mode) {
+ case PHY_INTERFACE_MODE_RGMII:
+ case PHY_INTERFACE_MODE_RGMII_RXID:
+ case PHY_INTERFACE_MODE_RGMII_ID:
+ case PHY_INTERFACE_MODE_RGMII_TXID:
+ /* enable RGMII mode */
+ if (ext_phy_mode)
+ meson8b_dwmac_mask_bits(dwmac, PRG_ETH0,
+ PRG_ETH0_EXT_PHY_MODE_MASK,
+ PRG_ETH0_EXT_RGMII_MODE);
+ else
+ meson8b_dwmac_mask_bits(dwmac, PRG_ETH0,
+ PRG_ETH0_RGMII_MODE,
+ PRG_ETH0_RGMII_MODE);
+
+ break;
+ case PHY_INTERFACE_MODE_RMII:
+ /* disable RGMII mode -> enables RMII mode */
+ if (ext_phy_mode)
+ meson8b_dwmac_mask_bits(dwmac, PRG_ETH0,
+ PRG_ETH0_EXT_PHY_MODE_MASK,
+ PRG_ETH0_EXT_RMII_MODE);
+ else
+ meson8b_dwmac_mask_bits(dwmac, PRG_ETH0,
+ PRG_ETH0_RGMII_MODE, 0);
+
+ break;
+ default:
+ dev_err(dwmac->dev, "fail to set phy-mode %s\n",
+ phy_modes(dwmac->phy_mode));
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
static int meson8b_init_prg_eth(struct meson8b_dwmac *dwmac)
{
int ret;
@@ -188,10 +239,6 @@ static int meson8b_init_prg_eth(struct meson8b_dwmac *dwmac)
case PHY_INTERFACE_MODE_RGMII_ID:
case PHY_INTERFACE_MODE_RGMII_TXID:
- /* enable RGMII mode */
- meson8b_dwmac_mask_bits(dwmac, PRG_ETH0, PRG_ETH0_RGMII_MODE,
- PRG_ETH0_RGMII_MODE);
-
/* only relevant for RMII mode -> disable in RGMII mode */
meson8b_dwmac_mask_bits(dwmac, PRG_ETH0,
PRG_ETH0_INVERTED_RMII_CLK, 0);
@@ -224,10 +271,6 @@ static int meson8b_init_prg_eth(struct meson8b_dwmac *dwmac)
break;
case PHY_INTERFACE_MODE_RMII:
- /* disable RGMII mode -> enables RMII mode */
- meson8b_dwmac_mask_bits(dwmac, PRG_ETH0, PRG_ETH0_RGMII_MODE,
- 0);
-
/* invert internal clk_rmii_i to generate 25/2.5 tx_rx_clk */
meson8b_dwmac_mask_bits(dwmac, PRG_ETH0,
PRG_ETH0_INVERTED_RMII_CLK,
@@ -274,6 +317,11 @@ static int meson8b_dwmac_probe(struct platform_device *pdev)
goto err_remove_config_dt;
}
+ dwmac->data = (const struct meson8b_dwmac_data *)
+ of_device_get_match_data(&pdev->dev);
+ if (!dwmac->data)
+ return -EINVAL;
+
res = platform_get_resource(pdev, IORESOURCE_MEM, 1);
dwmac->regs = devm_ioremap_resource(&pdev->dev, res);
if (IS_ERR(dwmac->regs)) {
@@ -298,6 +346,10 @@ static int meson8b_dwmac_probe(struct platform_device *pdev)
if (ret)
goto err_remove_config_dt;
+ ret = meson8b_init_set_mode(dwmac);
+ if (ret)
+ goto err_remove_config_dt;
+
ret = meson8b_init_prg_eth(dwmac);
if (ret)
goto err_remove_config_dt;
@@ -316,10 +368,31 @@ static int meson8b_dwmac_probe(struct platform_device *pdev)
return ret;
}
+static const struct meson8b_dwmac_data meson8b_dwmac_data = {
+ .ext_phy_mode = false,
+};
+
+static const struct meson8b_dwmac_data meson_axg_dwmac_data = {
+ .ext_phy_mode = true,
+};
+
static const struct of_device_id meson8b_dwmac_match[] = {
- { .compatible = "amlogic,meson8b-dwmac" },
- { .compatible = "amlogic,meson8m2-dwmac" },
- { .compatible = "amlogic,meson-gxbb-dwmac" },
+ {
+ .compatible = "amlogic,meson8b-dwmac",
+ .data = &meson8b_dwmac_data,
+ },
+ {
+ .compatible = "amlogic,meson8m2-dwmac",
+ .data = &meson8b_dwmac_data,
+ },
+ {
+ .compatible = "amlogic,meson-gxbb-dwmac",
+ .data = &meson8b_dwmac_data,
+ },
+ {
+ .compatible = "amlogic,meson-axg-dwmac",
+ .data = &meson_axg_dwmac_data,
+ },
{ }
};
MODULE_DEVICE_TABLE(of, meson8b_dwmac_match);
--
2.17.0
^ permalink raw reply related
* Re: [dm-devel] [PATCH v5] fault-injection: introduce kvmalloc fallback options
From: Mikulas Patocka @ 2018-04-26 16:07 UTC (permalink / raw)
To: Michael S. Tsirkin
Cc: James Bottomley, Michal Hocko, David Rientjes, dm-devel,
eric.dumazet, netdev, jasowang, Randy Dunlap, linux-kernel,
Matthew Wilcox, linux-mm, edumazet, Andrew Morton, virtualization,
David Miller, Vlastimil Babka
In-Reply-To: <20180426184845-mutt-send-email-mst@kernel.org>
[-- Attachment #1: Type: TEXT/PLAIN, Size: 2389 bytes --]
On Thu, 26 Apr 2018, Michael S. Tsirkin wrote:
> On Thu, Apr 26, 2018 at 11:44:21AM -0400, Mikulas Patocka wrote:
> >
> >
> > On Thu, 26 Apr 2018, James Bottomley wrote:
> >
> > > On Thu, 2018-04-26 at 11:05 -0400, Mikulas Patocka wrote:
> > > >
> > > > On Thu, 26 Apr 2018, James Bottomley wrote:
> > > [...]
> > > > > Perhaps find out beforehand instead of insisting on an approach
> > > > without
> > > > > knowing. On openSUSE the grub config is built from the files in
> > > > > /etc/grub.d/ so any package can add a kernel option (and various
> > > > > conditions around activating it) simply by adding a new file.
> > > >
> > > > And then, different versions of the debug kernel will clash when
> > > > attempting to create the same file.
> > >
> > > Don't be silly ... there are many ways of coping with that in rpm/dpkg.
> >
> > I know you can deal with it - but how many lines of code will that
> > consume? Multiplied by the total number of rpm-based distros.
> >
> > Mikulas
>
> I don't think debug kernels should inject faults by default.
But it is not injecting any faults. It is using the fault-injection
framework because Michal said that it should use it. The original version
of the patch didn't use the fault-injection framework at all.
The kvmalloc function can take two branches, the kmalloc branch and
vmalloc branch. The vmalloc branch is taken rarely, so the kernel contains
bugs regarding this path - and the patch increases the probability that
the vmalloc patch is taken, to discover the bugs early and make them
reproducible.
> IIUC debug kernels mainly exist so people who experience e.g. memory
> corruption can try and debug the failure. In this case, CONFIG_DEBUG_SG
> will *already* catch a failure early. Nothing special needs to be done.
The patch helps people debug such memory coprruptions (such as using DMA
API on the result of kvmalloc).
> There is a much smaller class of people like QA who go actively looking
> for trouble. That's the kind of thing fault injection is good for, and
> IMO you do not want your QA team to test a separate kernel - otherwise
> you are never quite sure whatever was tested will work in the field.
> So a config option won't help them either.
>
> How do you make sure QA tests a specific corner case? Add it to
> the test plan :)
>
> I don't speak for Red Hat, etc.
>
> --
> MST
Mikulas
^ permalink raw reply
* Re: [PATCH net-next 1/2 v2] netns: restrict uevents
From: Christian Brauner @ 2018-04-26 16:13 UTC (permalink / raw)
To: Eric W. Biederman
Cc: David Miller, netdev, linux-kernel, avagin, ktkhai, serge, gregkh
In-Reply-To: <87wowww6p8.fsf@xmission.com>
On Tue, Apr 24, 2018 at 06:00:35PM -0500, Eric W. Biederman wrote:
> Christian Brauner <christian.brauner@canonical.com> writes:
>
> > On Wed, Apr 25, 2018, 00:41 Eric W. Biederman <ebiederm@xmission.com> wrote:
> >
> > Bah. This code is obviously correct and probably wrong.
> >
> > How do we deliver uevents for network devices that are outside of the
> > initial user namespace? The kernel still needs to deliver those.
> >
> > The logic to figure out which network namespace a device needs to be
> > delivered to is is present in kobj_bcast_filter. That logic will almost
> > certainly need to be turned inside out. Sign not as easy as I would
> > have hoped.
> >
> > My first patch that we discussed put additional filtering logic into kobj_bcast_filter for that very reason. But I can move that logic
> > out and come up with a new patch.
>
> I may have mis-understood.
>
> I heard and am still hearing additional filtering to reduce the places
> the packet is delievered.
>
> I am saying something needs to change to increase the number of places
> the packet is delivered.
>
> For the special class of devices that kobj_bcast_filter would apply to
> those need to be delivered to netowrk namespaces that are no longer on
> uevent_sock_list.
>
> So the code fundamentally needs to split into two paths. Ordinary
> devices that use uevent_sock_list. Network devices that are just
> delivered in their own network namespace.
>
> netlink_broadcast_filtered gets to go away completely.
The split *might* make sense but I think you're wrong about removing the
kobj_bcast_filter. The current filter doesn't operate on the uevent
socket in uevent_sock_list itself it rather operates on the sockets in
mc_list. And if socket in mc_list can have a different network namespace
then the uevent_socket itself then your way won't work. That's why my
original patch added additional filtering in there. The way I see it we
need something like:
init_user_ns_broadcast_filtered(uevent_sock_list, kobj_bcast_filter);
user_ns_broadcast_filtered(uevent_sock_list,kobj_bcast_filter);
The question that remains is whether we can rely on the network
namespace information we can gather from the kobject_ns_type_operations
to decide where we want to broadcast that event to. So something *like*:
ops = kobj_ns_ops(kobj);
if (!ops && kobj->kset) {
struct kobject *ksobj = &kobj->kset->kobj;
if (ksobj->parent != NULL)
ops = kobj_ns_ops(ksobj->parent);
}
if (ops && ops->netlink_ns && kobj->ktype->namespace)
if (ops->type == KOBJ_NS_TYPE_NET)
net = kobj->ktype->namespace(kobj);
if (!net || net->user_ns == &init_user_ns)
ret = init_user_ns_broadcast(env, action_string, devpath);
else
ret = user_ns_broadcast(net->uevent_sock->sk, env,
action_string, devpath);
Christian
> The logic of figuring out the network namespace though becomes trickier.
>
> Now it may make sense to have all of that as an additional patch on top
> of this one or perhaps a precursor patch that addresses the problem. We
> will unfortunately drop those uevents today because their uids are not
> valid. But they are not delivered anywhere else so to allow them to be
> received we need to fix them.
>
> Eric
>
> >
> > Christian Brauner <christian.brauner@ubuntu.com> writes:
> > > commit 07e98962fa77 ("kobject: Send hotplug events in all network namespaces")
> > >
> > > enabled sending hotplug events into all network namespaces back in 2010.
> > > Over time the set of uevents that get sent into all network namespaces has
> > > shrunk a little. We have now reached the point where hotplug events for all
> > > devices that carry a namespace tag are filtered according to that
> > > namespace. Specifically, they are filtered whenever the namespace tag of
> > > the kobject does not match the namespace tag of the netlink socket. One
> > > example are network devices. Uevents for network devices only show up in
> > > the network namespaces these devices are moved to or created in.
> > >
> > > However, any uevent for a kobject that does not have a namespace tag
> > > associated with it will not be filtered and we will broadcast it into all
> > > network namespaces. This behavior stopped making sense when user namespaces
> > > were introduced.
> > >
> > > This patch restricts uevents to the initial user namespace for a couple of
> > > reasons that have been extensively discusses on the mailing list [1].
> > > - Thundering herd:
> > > Broadcasting uevents into all network namespaces introduces significant
> > > overhead.
> > > All processes that listen to uevents running in non-initial user
> > > namespaces will end up responding to uevents that will be meaningless to
> > > them. Mainly, because non-initial user namespaces cannot easily manage
> > > devices unless they have a privileged host-process helping them out. This
> > > means that there will be a thundering herd of activity when there
> > > shouldn't be any.
> > > - Uevents from non-root users are already filtered in userspace:
> > > Uevents are filtered by userspace in a user namespace because the
> > > received uid != 0. Instead the uid associated with the event will be
> > > 65534 == "nobody" because the global root uid is not mapped.
> > > This means we can safely and without introducing regressions modify the
> > > kernel to not send uevents into all network namespaces whose owning user
> > > namespace is not the initial user namespace because we know that
> > > userspace will ignore the message because of the uid anyway. I have
> > > a) verified that is is true for every udev implementation out there b)
> > > that this behavior has been present in all udev implementations from the
> > > very beginning.
> > > - Removing needless overhead/Increasing performance:
> > > Currently, the uevent socket for each network namespace is added to the
> > > global variable uevent_sock_list. The list itself needs to be protected
> > > by a mutex. So everytime a uevent is generated the mutex is taken on the
> > > list. The mutex is held *from the creation of the uevent (memory
> > > allocation, string creation etc. until all uevent sockets have been
> > > handled*. This is aggravated by the fact that for each uevent socket that
> > > has listeners the mc_list must be walked as well which means we're
> > > talking O(n^2) here. Given that a standard Linux workload usually has
> > > quite a lot of network namespaces and - in the face of containers - a lot
> > > of user namespaces this quickly becomes a performance problem (see
> > > "Thundering herd" above). By just recording uevent sockets of network
> > > namespaces that are owned by the initial user namespace we significantly
> > > increase performance in this codepath.
> > > - Injecting uevents:
> > > There's a valid argument that containers might be interested in receiving
> > > device events especially if they are delegated to them by a privileged
> > > userspace process. One prime example are SR-IOV enabled devices that are
> > > explicitly designed to be handed of to other users such as VMs or
> > > containers.
> > > This use-case can now be correctly handled since
> > > commit 692ec06d7c92 ("netns: send uevent messages"). This commit
> > > introduced the ability to send uevents from userspace. As such we can let
> > > a sufficiently privileged (CAP_SYS_ADMIN in the owning user namespace of
> > > the network namespace of the netlink socket) userspace process make a
> > > decision what uevents should be sent. This removes the need to blindly
> > > broadcast uevents into all user namespaces and provides a performant and
> > > safe solution to this problem.
> > > - Filtering logic:
> > > This patch filters by *owning user namespace of the network namespace a
> > > given task resides in* and not by user namespace of the task per se. This
> > > means if the user namespace of a given task is unshared but the network
> > > namespace is kept and is owned by the initial user namespace a listener
> > > that is opening the uevent socket in that network namespace can still
> > > listen to uevents.
> > >
> > > [1]: https://lkml.org/lkml/2018/4/4/739
> > > Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
> > > ---
> > > Changelog v1->v2:
> > > * patch unchanged
> > > Changelog v0->v1:
> > > * patch unchanged
> > > ---
> > > lib/kobject_uevent.c | 18 ++++++++++++------
> > > 1 file changed, 12 insertions(+), 6 deletions(-)
> > >
> > > diff --git a/lib/kobject_uevent.c b/lib/kobject_uevent.c
> > > index 15ea216a67ce..f5f5038787ac 100644
> > > --- a/lib/kobject_uevent.c
> > > +++ b/lib/kobject_uevent.c
> > > @@ -703,9 +703,13 @@ static int uevent_net_init(struct net *net)
> > >
> > > net->uevent_sock = ue_sk;
> > >
> > > - mutex_lock(&uevent_sock_mutex);
> > > - list_add_tail(&ue_sk->list, &uevent_sock_list);
> > > - mutex_unlock(&uevent_sock_mutex);
> > > + /* Restrict uevents to initial user namespace. */
> > > + if (sock_net(ue_sk->sk)->user_ns == &init_user_ns) {
> > > + mutex_lock(&uevent_sock_mutex);
> > > + list_add_tail(&ue_sk->list, &uevent_sock_list);
> > > + mutex_unlock(&uevent_sock_mutex);
> > > + }
> > > +
> > > return 0;
> > > }
> > >
> > > @@ -713,9 +717,11 @@ static void uevent_net_exit(struct net *net)
> > > {
> > > struct uevent_sock *ue_sk = net->uevent_sock;
> > >
> > > - mutex_lock(&uevent_sock_mutex);
> > > - list_del(&ue_sk->list);
> > > - mutex_unlock(&uevent_sock_mutex);
> > > + if (sock_net(ue_sk->sk)->user_ns == &init_user_ns) {
> > > + mutex_lock(&uevent_sock_mutex);
> > > + list_del(&ue_sk->list);
> > > + mutex_unlock(&uevent_sock_mutex);
> > > + }
> > >
> > > netlink_kernel_release(ue_sk->sk);
> > > kfree(ue_sk);
^ permalink raw reply
* Re: [PATCH net-next 1/2 v2] netns: restrict uevents
From: Eric W. Biederman @ 2018-04-26 16:47 UTC (permalink / raw)
To: Christian Brauner
Cc: David Miller, netdev, linux-kernel, avagin, ktkhai, serge, gregkh
In-Reply-To: <20180426161353.GA2014@gmail.com>
Christian Brauner <christian.brauner@canonical.com> writes:
> On Tue, Apr 24, 2018 at 06:00:35PM -0500, Eric W. Biederman wrote:
>> Christian Brauner <christian.brauner@canonical.com> writes:
>>
>> > On Wed, Apr 25, 2018, 00:41 Eric W. Biederman <ebiederm@xmission.com> wrote:
>> >
>> > Bah. This code is obviously correct and probably wrong.
>> >
>> > How do we deliver uevents for network devices that are outside of the
>> > initial user namespace? The kernel still needs to deliver those.
>> >
>> > The logic to figure out which network namespace a device needs to be
>> > delivered to is is present in kobj_bcast_filter. That logic will almost
>> > certainly need to be turned inside out. Sign not as easy as I would
>> > have hoped.
>> >
>> > My first patch that we discussed put additional filtering logic into kobj_bcast_filter for that very reason. But I can move that logic
>> > out and come up with a new patch.
>>
>> I may have mis-understood.
>>
>> I heard and am still hearing additional filtering to reduce the places
>> the packet is delievered.
>>
>> I am saying something needs to change to increase the number of places
>> the packet is delivered.
>>
>> For the special class of devices that kobj_bcast_filter would apply to
>> those need to be delivered to netowrk namespaces that are no longer on
>> uevent_sock_list.
>>
>> So the code fundamentally needs to split into two paths. Ordinary
>> devices that use uevent_sock_list. Network devices that are just
>> delivered in their own network namespace.
>>
>> netlink_broadcast_filtered gets to go away completely.
>
> The split *might* make sense but I think you're wrong about removing the
> kobj_bcast_filter. The current filter doesn't operate on the uevent
> socket in uevent_sock_list itself it rather operates on the sockets in
> mc_list. And if socket in mc_list can have a different network namespace
> then the uevent_socket itself then your way won't work. That's why my
> original patch added additional filtering in there. The way I see it we
> need something like:
We already filter the sockets in the mc_list by network namespace.
When a packet is transmitted with netlink_broadcast it is only
transmitted within a single network namespace.
Even in the case of a NETLINK_F_LISTEN_ALL_NSID socket the skb is tagged
with it's source network namespace so no confusion will result, and the
permission checks have been done to make it safe. So you can safely
ignore that case. Please ignore that case. It only needs to be
considered if refactoring af_netlink.c
When I added netlink_broadcast_filtered I imagined that we would need
code that worked across network namespaces that worked for different
namespaces. So it looked like we would need the level of granularity
that you can get with netlink_broadcast_filtered. It turns out we don't
and that it was a case of over design. As the only split we care about
is per network namespace there is no need for
netlink_broadcast_filtered.
> init_user_ns_broadcast_filtered(uevent_sock_list, kobj_bcast_filter);
> user_ns_broadcast_filtered(uevent_sock_list,kobj_bcast_filter);
>
> The question that remains is whether we can rely on the network
> namespace information we can gather from the kobject_ns_type_operations
> to decide where we want to broadcast that event to. So something
> *like*:
We can. We already do. That is what kobj_bcast_filter implements.
> ops = kobj_ns_ops(kobj);
> if (!ops && kobj->kset) {
> struct kobject *ksobj = &kobj->kset->kobj;
> if (ksobj->parent != NULL)
> ops = kobj_ns_ops(ksobj->parent);
> }
>
> if (ops && ops->netlink_ns && kobj->ktype->namespace)
> if (ops->type == KOBJ_NS_TYPE_NET)
> net = kobj->ktype->namespace(kobj);
Please note the only entry in the enumeration in the kobj_ns_type
enumeration other than KOBJ_NS_TYPE_NONE is KOBJ_NS_TYPE_NET. So the
check for ops->type in this case is redundant.
That is something else that could be simplifed. At the time it was the
necessary to get the sysfs changes merged.
> if (!net || net->user_ns == &init_user_ns)
> ret = init_user_ns_broadcast(env, action_string, devpath);
> else
> ret = user_ns_broadcast(net->uevent_sock->sk, env,
> action_string, devpath);
Almost.
if (!net)
kobject_uevent_net_broadcast(kobj, env, action_string,
dev_path);
else
netlink_broadcast(net->uevent_sock->sk, skb, 0, 1, GFP_KERNEL);
I am handwaving to get the skb in the netlink_broadcast case but that
should be enough for you to see what I am thinking.
My only concern with the above is that we almost certainly need to fix
the credentials on the skb so that userspace does not drop the packet
sent to a network namespace because it has the credentials that will
cause userspace to drop the packet today.
But it should be straight forward to look at net->user_ns, to fix the
credentials.
Eric
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox